Have you ever stopped to think about how many user accounts we have on the Internet? Bank accounts, utility providers, Social Networks, email, e-commerce, … Nowadays we handle an almost infinite number of digital services.
How many times did you have to repeat the same registration process? Do you remember what personal information you shared each time? Do you know what personal data is stored and processed by each of these services you are registered in?
According to a Eurobarometer survey, 72% of users want to know how their data is processed when using digital services, and 63% of EU citizens want a single, secure digital ID for all online services.
A new European model for digital citizen identity
In this context, on June 3, 2021, the European Commission announced its new proposal for a secure and trusted digital identity. In the words of Ursula von der Leyen, President of the European Commission:
«Whenever an app or a website asks us to create a new digital identity or to easily connect through a large platform, we really have no idea what happens to our data. This is why the Commission will propose a secure European e-identity. An identity that we trust and that every citizen can use everywhere in Europe for everything from paying taxes to renting a bicycle. A technology allowing us to control for ourselves what data is used and how it is used»
From user accounts to sovereign identity wallets
The EU has set out to regain sovereignty over our personal data and is working on the definition of the new digital identity model, based on identity wallets. A wallet is a cryptographic application that is installed on our mobile devices allowing us to store and share credentials related to our identity and its attributes.
This new model is based on:
- The concept of sovereign/decentralised identity on blockchain
- Verifiable credential exchange standards
Under this new paradigm, users go from having as many identities or user accounts as digital services we use, to a single identity that we carry on our mobiles, and that we share totally or partially (through the attributes of the identity) with the rest of the world.
Binding Directive for EU countries
The new regulation on electronic identification (eID) is part of the European regulatory scheme eIDAS (electronic IDentification, Authentication and trust Services), and will be mandatory for EU Member States, which by the end of 2023/beginning of 2024 at the latest, will have to provide their citizens with an identity wallet that will enable them to;
- Access public services and apply for e.g. a birth or medical certificate, or report a change of address.
- File your tax return
- Applying for a place at a public or private university in any EU member country
- Open a bank account
- Store a medical prescription that can be used anywhere in Europe
- Validate your age online/offline without having to share/show your national identity document
- Rent a car using a digital driving licence
- Check into a hotel
Impact on the private sector
This new regulation will also be mandatory for the private sector, in particular for those online services that need to implement “strong” authentication mechanisms. This includes sectors such as transport, energy, banking and financial services, insurance, health, telecommunications and education, as well as large online platforms such as Google, Apple, Facebook and Amazon.
According to the European Commission, it is estimated that the implementation of this new identity model will benefit the private sector through:
- Reducing the operational costs of; identifying, authenticating and managing your users’ personal data
- Reducing online fraud.
Recovering digital sovereignty
Decentralised/sovereign identity models have long been a hot topic in the identity framework. There was a consensus among experts on their usefulness and technical feasibility, but there was a lack of momentum to validate their economic viability, a lack of a use case to energise the ecosystem. Now it seems that this momentum has finally arrived via the EU.
All in all, the horizon points to the fact that we are beginning to redefine identity as we know it to date, a new model of identity designed for people, in which attributes such as privacy and sovereignty over personal information are defined factors from its initial conception.